As is known in the art, online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data, and because curious or malicious administrators may capture and leak data. Theft of private information is a significant problem, particularly for online applications. An adversary can exploit software vulnerabilities to gain unauthorized access to servers; curious or malicious administrators at a hosting or application provider can snoop on private data; and attackers with physical access to servers can access all data on disk and in memory.
One known approach to reduce the damage caused by server compromises is to encrypt sensitive data stored on a server and run all computations (application logic) on clients. Unfortunately, several important applications do not lend themselves to this approach, including database-backed web sites that process queries to generate data for the user, and applications that compute over large amounts of data. Even when this approach is tenable, converting an existing server-side application to this form can be difficult. Another approach would be to consider theoretical solutions such as fully homomorphic encryption, which allows servers to compute arbitrary functions over encrypted data, while only clients see decrypted data. However, fully homomorphic encryption schemes are still prohibitively expensive by orders of magnitude.
As is known in the art, SQL (Structured Query Language) is a programming language designed for managing data in relational database management systems (RDBMS). SQL includes data insert, query, update and delete, schema creation and modification, and data access control. The SQL language is sub-divided into several language elements, including: clauses, which are constituent components of statements and queries, expressions, which can produce either scalar values or tables with columns and rows of data, predicates, which specify conditions that can be evaluated to SQL three-valued logic or Boolean, and queries to retrieve data based on specific criteria, and statements. Queries are performed with a declarative SELECT statement to retrieve data from one or more tables, or expressions. Queries allow the user to describe desired data, leaving the database management system (DBMS) responsible for planning, optimizing, and performing the physical operations necessary to produce that result as it chooses.